carbanak / cobalt - europol€¦ · internal network, infecting the servers and controlling atms 2...
TRANSCRIPT
A global threat to financial institutions
Cobalt starting point
Countries affected by Cobalt
Countries affected by Carbanak and Cobalt
2014 2015 2016 2017
CarbanakCobalt
How it works
Carbanak / Cobalt
Spear-phishing emails are sent to bank employees to infect their machines
INFLATING ACCOUNT BALANCESThe criminal raises the balance of bank accounts and money mules withdraw the money at ATMs
DEVELOPMENTThe cybercriminal is the brains of the operation and develops the malware 1
INFILTRATION AND INFECTIONThe cybercriminal deploys the malware through the bank’s internal network, infecting the servers and controlling ATMs
2
HOW THE MONEY IS STOLEN
3
MONEY LAUNDERING
4
CONTROLLING ATMsThe criminal sends a command to specific ATMs to spit out cash and money mules collect the money
The stolen money is converted into cryptocurrencies
MONEY TRANSFERThe criminal transfers the money into their account or foreign bank accounts
Infected infrastructure
Bank employee